L2 VPN-Any to Any Interworking

You have seen that Layer 2 VPN is possible with like-to-like ACs such as HDLC-to-HDLC. In the forthcoming subsections, you will be introduced to L2 VPN implementation between different types of attachment circuits like Ethernet-to-PPP and so on. This function of translating different Layer 2 encapsulations is also called L2 VPN Interworking. L2 VPN Interworking, therefore, provides service providers with the ability to interconnect sites using different transport mediums on a common infrastructure. The common infrastructure is the MPLS backbone, which facilitates the interworking functionality of translating between various Layer 2 technologies. The L2 VPN Interworking feature supports Ethernet, 802.1Q (VLAN), Frame Relay, ATM AAL5, and PPP attachment circuits over MPLS.

The L2 VPN Interworking function is implemented in two modes.

Bridged Interworking Mode

In bridged interworking mode, Ethernet frames are extracted from the AC and sent over the pseudo wire. AC frames that are not Ethernet are dropped. In the case of a VLAN, the VLAN tag is removed, leaving an untagged Ethernet frame. This interworking functionality is implemented by configuring the interworking ethernet command under the pseudo-wire class configuration mode.

The CE2-A generates an 802.1Q encapsulated frame. This 802.1Q frame is forwarded to PE2.

Step 2.

PE2 removes the VLAN tag and performs bridging of the native Ethernet frames into the emulated VC (pseudo wire) established between PE routers. The Ethernet frame is encapsulated using a standard AToM encapsulation, which means the label header of two labels is attached.

The outer label, or tunnel label (L1), is the label that switches the frame across the MPLS backbone toward the PE1 router, and this label is to be assigned either by standard LDP or RSVP-TE in case an MPLS TE tunnel has been established between the PE routers. The inner label, or the VC label (VC1), is the label that distinguishes between multiple emulated VCs (pseudo wires) between the PE routers.

Step 3.

The P1 router, upon receiving this frame, removes the top label (tunnel label) and forwards the packet to PE1.

Step 4.

The PE1 router, after receiving the Ethernet frame over an emulated VC, performs bridging and sends the frame to CE router CE1-A.

Routed Interworking Mode

In routed interworking, IP packets are extracted from the AC and sent over the pseudo wire. AC frames are dropped if they do not contain the IPv4 packets. This interworking functionality is implemented by configuring the interworking ip command under the pseudo-wire class configuration mode.

CE2-A router generates an IP packet, which is encapsulated using 802.1Q encapsulation.

Step 2.

PE2 receives the frame for further processing. In routed interworking, PE2 strips out the Layer 2 frame and bridges IP packets instead of bridging frames. Next, an AToM header (L1 and VC1) is attached to the decapsulated IP packet. Control Word 2 (CW2), an additional control word, is attached to carry information about the L2 protocol type. This control word is needed to resolve ARP requests, because the L2 circuit is terminated at the PE router.

Step 3.

P1 pops the top label and forwards the resulting packet to PE1.

Step 4.

The PE1 router, after receiving the Ethernet frame over an emulated VC, routes the IP packet to CE router CE1-A.

L2 VPN Interworking Limitations

L2 VPN Interworking has limitations to be considered when implementing interworking functionality between different Layer 2 technologies. The following are some of the limitations pertaining to the relevant Layer 2 technology.

L2 VPN Interworking Limitations for Ethernet/VLAN

Multipoint configurations are not supported. Care should be taken when configuring routing protocols for Ethernet to Frame Relay interworking. For example, in case of OSPF, one site operating in broadcast and the other site on nonbroadcast or point-to-point would result in OSPF adjacency not forming across the pseudo wire. It is, therefore, necessary to ensure that OSPF operates in a single mode on both ends. The PE router acts as a proxy ARP server and responds with its own MAC address to CE router's ARP requests. When you change the interworking configuration on the Ethernet PE router, ensure that the ARP entry on the adjacent CE router is cleared, so that it can learn the new MAC address. Otherwise, you might encounter traffic drops.

L2 VPN Interworking Limitations for Frame Relay

Inverse ARP is not supported with IP interworking. CE routers must use the point-to-point subinterfaces or static maps. The AC maximum transmission unit (MTU) sizes must match when you connect them over an MPLS. To avoid reduction of the interface MTUs to the lowest common denominator (1500 bytes in this case), you can specify the MTU for individual DLCIs using the mtu command. The PE router automatically supports the translation of both Cisco and IETF encapsulations coming from the CE, but translates only to IETF when sending to the CE router. This is not a problem for the Cisco CE router because it can handle the IETF encapsulation on receipt, even if it is configured to send Cisco encapsulation.

L2 VPN Interworking Limitations for AAL5

Only ATM AAL5 VC mode is supported. ATM VP and port mode are not supported. SVCs are not supported. Inverse ARP is not supported with IP interworking. CE routers must use point-to-point subinterfaces or static maps. Both AAL5MUX and AAL5SNAP encapsulations are supported.

Figure 11-51 shows an MPLS provider network providing L2 VPN Interworking for Customer A site devices CE1-A and CE2-A. PE1 and PE2 are the PE routers in the MPLS provider network. CE1-A is connected via Ethernet to PE1, and CE2-A is connected via 802.1Q VLAN to PE2.

Figure 11-51. Configuring L2 VPN Interworking – Ethernet to VLAN

Configuration Steps – Ethernet to VLAN Interworking

The steps to configure Ethernet to VLAN Interworking between CE1-A and CE2-A are as follows:

Step 1.

Define pseudo-wire class on PE routers – In this step, a pseudo-wire class called Eth-VLAN is defined on PE1 and VLAN-Eth on PE2. The configuration is shown in Example 11-37. This class configures the pseudo wire between the PE Routers PE1 and PE2. Ensure that the parameters of the pseudo-wire class are the same on both PEs to enable pseudo-wire establishment. Example 11-37 shows that AToM encapsulation (encapsulation mpls) and bridged interworking mode (interworking ethernet) will be used by the pseudo-wire class on the PE Routers PE1 and PE2.

Define AToM VC to transport Layer 2 frames – In this step, use the xconnect statement to define the AToM VC to carry the Layer 2 frames from CE1-A to CE2-A, and vice versa. Associate the pseudo-wire class defined in Step 1 with the AToM VC. See Example 11-38.

Figure 11-52 shows the final relevant configuration for customer and PE routers.

Figure 11-52. Final Configuration – Ethernet to VLAN

Verification of Ethernet to VLAN Interworking over MPLS

Verify AToM VC is up. Example 11-39 shows the output of show mpls l2transport vc in which the L2 transport VC is operational. The local circuit on PE1 is shown to be Ethernet on PE1 and Ethernet VLAN on PE2.

Figure 11-53 shows the control and data forwarding operation for Ethernet to VLAN interworking. From a control plane perspective, PE1 allocates VC label 18 for the Ethernet circuit connected to CE1-A. PE1 propagates this VC label 18 to PE2. As part of the IGP label operation, P1 assigns an LDP label 16 for PE1 (10.10.10.101) and propagates this to PE2. PE2 uses IGP label 16 to guide the data packet originating from CE2-A to CE1-A across the MPLS backbone.

Figure 11-53. Control and Data Plane Forwarding: Ethernet to VLAN

Frame Relay to AAL5 Interworking

Figure 11-54 shows an MPLS provider network providing L2 VPN Interworking for Customer A site devices CE1-A and CE2-A. PE1 and PE2 are the PE routers in the MPLS provider network. CE1-A is connected via ATM to PE1, and CE2-A is connected via Frame Relay to PE2.

Figure 11-54. L2 VPN Network – Frame Relay to AAL5

Configuration Steps – Frame Relay to AAL5 Interworking

The steps to configure Frame Relay to AAL5 Interworking between CE1-A and CE2-A are as follows:

Step 1.

Define pseudo-wire class on PE routers – In this step, a pseudo-wire class called AAL5-FR is defined on PE1 and Fr-AAL5 on PE2. Example 11-40 shows that the AToM encapsulation (encapsulation mpls) and routed interworking model (interworking ip) is used by the pseudo-wire class on the PE routers PE1 and PE2.

Define AToM VC to transport Layer 2 frames – In Example 11-41, use the xconnect statement to define the AToM VC to carry the Layer 2 frames from CE1-A to CE2-A and vice versa. Associate the pseudo-wire class defined in Step 1 with the AToM VC.

Verify tunnel and VC label – Example 11-43 shows the output of show mpls l2transport vc detail. The output indicates the directed LDP peer is 10.10.10.102 and that the AToM VC is functional to transport L2 packets across the MPLS backbone. The VC ID is 100 and tunnel label is 17. This tunnel label is derived from LDP. The VC label on PE1 for outgoing interface on PE2 connected to CE2-A is 17, and it allocates VC label 23 for the interface connected to CE1-A.

Figure 11-55 shows an MPLS provider network using L2 VPN Interworking for Customer A sites with devices CE1-A and CE2-A. PE1 and PE2 are the PE routers in the MPLS provider network. CE1-A is connected using PPP encapsulation to PE1 and CE2-A is connected via Frame Relay to PE2.

Figure 11-55. Configuring L2 VPN Interworking – PPP to Frame Relay

Configuration Steps – Ethernet to VLAN Interworking

The steps to configure Ethernet to VLAN Interworking between CE1-A and CE2-A are as follows:

Step 1.

Define pseudo-wire class on PE routers – In this step, pseudo-wire classes called PPP-FR and FR-PPP are defined on PE1 and PE2, respectively. The configuration is shown in Example 11-45. Ensure that the parameters of the pseudo-wire class are the same on both PEs; otherwise, the pseudo wire will not be established.

Define AToM VC to transport Layer 2 frames – Use the xconnect statement to define the AToM VC to carry the Layer 2 frames from CE1-A to CE2-A and vice versa. Associate the pseudo-wire class defined in Step 1 with the AToM VC. See Example 11-46.

Verify tunnel and VC label – Example 11-48 shows the output of show MPLS l2transport binding. The output indicates the directed LDP peer is 10.10.10.102 and that the AToM VC is functional to transport L2 packets across the MPLS backbone.

Figure 11-57 shows an MPLS provider network using L2 VPN Interworking for Customer A sites with devices CE1-A and CE2-A as CE routers. PE1 and PE2 are the PE routers in the MPLS provider network. CE1-A is connected via 802.1Q VLAN to PE1, and CE2-A is connected via Frame Relay to PE2.

Figure 11-57. Frame Relay to VLAN Interworking Topology

Configuration Steps for Frame Relay to VLAN Interworking

The steps to configure Ethernet to VLAN interworking between CE1-A and CE2-A are as follows:

Step 1.

Define pseudo-wire class on PE routers – In this step, a pseudo-wire class called VLAN-FR is defined on PE1 and Fr-VLAN on PE2. The configuration is shown in Example 11-50.

Define AToM VC to transport Layer 2 frames – In this example, you use the xconnect statement to define the AToM VC to carry the Layer 2 frames from CE1-A to CE2-A and vice versa. Associate the pseudo-wire class defined in Step 1 with the AToM VC. See Example 11-51.

Verify tunnel and VC label – Example 11-53 shows the output of show mpls l2transport binding. The output indicates the directed LDP peer is 10.10.10.102 and that the AToM VC is functional to transport L2 packets across the MPLS backbone.

Figure 11-58 shows the final configurations for implementing Frame Relay to VLAN interworking.

Figure 11-58. Final Configurations for Frame Relay to VLAN Interworking

AAL5 to VLAN Interworking

Figure 11-59 shows an MPLS provider network that provides L2 VPN Interworking for Customer A sites with CE1-A and CE2-A as the CE devices. PE1 and PE2 are the PE routers in the MPLS provider network. CE1-A is connected via ATM to PE1, and CE2-A is connected via 802.1Q VLAN to PE2.

Figure 11-59. L2 VPN Interworking – ATM to VLAN Topology

Configuration Steps – VLAN to AAL5 Interworking

The steps to configure VLAN to AAL5 interworking between CE1-A and CE2-A are as follows:

Step 1.

Define pseudo-wire class on PE routers – In this step, a pseudo-wire class, called Eth-VLAN, is defined on PE1 and VLAN-Eth on PE2. The configuration is shown in Example 11-55.

Define AToM VC to transport Layer 2 frames – Use the xconnect statement to define the AToM VC to carry the Layer 2 frames from CE1-A to CE2-A and vice versa. Associate the pseudo-wire class defined in Step 1 with the AToM VC. See Example 11-56.

Verify tunnel and VC label – Example 11-58 shows the output of show mpls l2transport binding. The output indicates the directed LDP peer is 10.10.10.102 and that the AToM VC is functional to transport L2 packets across the MPLS backbone.